Selecting SOC 2 Trust Service Principles

by Sarah Harvey / February 7, 2023

Which Trust Services Criteria Do I Need to Include in my SOC 2 Audit? Once you’ve determined you are ready to pursue a SOC 2 audit report, the first thing you have to decide is which of the five Trust Services Principles (recently updated to Trust Services Criteria) you want to include in your SOC 2 audit report. SOC 2 reports can address one or more of the following categories:…

How Do I Become Compliant with PCI?

by Sarah Harvey / April 12, 2023

Becoming PCI Compliant for the first time can be an overwhelming undertaking if you are unsure of where to start. With approximately 394 controls, this comprehensive data security standard can be a large undertaking that is best tackled with expert assistance. The first step towards achieving PCI compliance is to have a Gap Analysis performed by a PCI expert. Working with a PCI expert will help you to understand all…

Why am I Being Asked about SOC 2 Compliance?

by Sarah Harvey / February 7, 2023

If you’re being asked about SOC 2 compliance for the first time, you may be wondering why. It’s becoming increasingly common for organizations to request that their vendors become SOC 2 compliant so they can ensure that the companies they are working with are appropriately protecting their sensitive information. Perhaps you’re a vendor of a larger organization who is being audited by a publicly traded company, or maybe you want…

The History of SOC 2 Reports

by Sarah Harvey / December 19, 2022

In order to understand the purpose of a Service Organization Control (SOC) 2 Report, it’s important to understand the background and history of how the SOC 2 came into existence as a way for service organizations to manage the risks associated with outsourcing services. The original standard was known as SAS 70 and was a way service organizations could demonstrate the effectiveness of internal controls at their…

What is PCI and DSS Compliance?

by Sarah Harvey / April 12, 2023

What is PCI and DSS Compliance? This is a question KirkpatrickPrice, as a PCI QSA, is frequently asked. Let’s start with what it stands for. PCI stands for the Payment Card Industry. When we talk about compliance, we’re talking about the PCI DSS, or Payment Card Industry Data Security Standard. The PCI DSS originated from efforts by major credit card brands (Visa, MasterCard, American Express, Discover, and JCB) to encourage…